Author: shawkins
Date: 2012-06-21 21:39:29 -0400 (Thu, 21 Jun 2012)
New Revision: 4196
Added:
trunk/engine/src/main/resources/META-INF/
trunk/engine/src/main/resources/META-INF/services/
trunk/engine/src/main/resources/META-INF/services/org.teiid.dqp.internal.process.AuthorizationValidator
Modified:
trunk/build/kits/jboss-as7/bin/scripts/teiid-domain-mode-install.cli
trunk/build/kits/jboss-as7/standalone/configuration/standalone-teiid.xml
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidAdd.java
Log:
TEIID-2082 correcting validation of common table expressions and allowing the config to
disable authorization validation
Modified: trunk/build/kits/jboss-as7/bin/scripts/teiid-domain-mode-install.cli
===================================================================
--- trunk/build/kits/jboss-as7/bin/scripts/teiid-domain-mode-install.cli 2012-06-21
19:07:57 UTC (rev 4195)
+++ trunk/build/kits/jboss-as7/bin/scripts/teiid-domain-mode-install.cli 2012-06-22
01:39:29 UTC (rev 4196)
@@ -16,7 +16,7 @@
/profile=ha/subsystem=security/security-domain=teiid-security/authentication=classic:add(login-modules=[{"code"=>"org.jboss.security.auth.spi.UsersRolesLoginModule",
"flag"=>"required",
"module-options"=>[("usersProperties"=>"${jboss.domain.config.dir}/teiid-security-users.properties"),
("rolesProperties"=>"${jboss.domain.config.dir}/teiid-security-roles.properties")]}])
/profile=ha/subsystem=threads/bounded-queue-thread-pool=teiid-async:add(name=teiid-async,
max-threads=4, queue-length=100)
-/profile=ha/subsystem=teiid:add(async-thread-pool=teiid-async,
distributed-cache-jgroups-stack=udp, resultset-cache-infinispan-container=teiid-cache)
+/profile=ha/subsystem=teiid:add(async-thread-pool=teiid-async,
distributed-cache-jgroups-stack=udp, resultset-cache-infinispan-container=teiid-cache,
authorization-validator-module=org.jboss.teiid)
/profile=ha/subsystem=teiid/transport=embedded:add()
/profile=ha/subsystem=teiid/transport=jdbc:add(protocol=teiid, socket-binding=teiid-jdbc,
ssl-mode=login, authentication-security-domain=teiid-security)
/profile=ha/subsystem=teiid/transport=odbc:add(protocol=pg, socket-binding=teiid-odbc,
authentication-security-domain=teiid-security)
Modified: trunk/build/kits/jboss-as7/standalone/configuration/standalone-teiid.xml
===================================================================
--- trunk/build/kits/jboss-as7/standalone/configuration/standalone-teiid.xml 2012-06-21
19:07:57 UTC (rev 4195)
+++ trunk/build/kits/jboss-as7/standalone/configuration/standalone-teiid.xml 2012-06-22
01:39:29 UTC (rev 4196)
@@ -278,7 +278,7 @@
<transport name="odbc" protocol="pg"
socket-binding="teiid-odbc">
<authentication security-domain="teiid-security"/>
</transport>
-
+
<authorization-validator-module>org.jboss.teiid</authorization-validator-module>
<translator name="jdbc-simple"
module="org.jboss.teiid.translator.jdbc"/>
<translator name="jdbc-ansi"
module="org.jboss.teiid.translator.jdbc"/>
<translator name="access"
module="org.jboss.teiid.translator.jdbc"/>
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java 2012-06-21
19:07:57 UTC (rev 4195)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -22,17 +22,7 @@
package org.teiid.dqp.internal.process;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
import org.teiid.CommandContext;
import org.teiid.PolicyDecider;
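Review bot: The wildcard imports `java.util.*` and `org.teiid.query.sql.lang.*` (this hunk and the next one at -53/+43) hide which collection and command types this authorization visitor depends on. A class added later to either package can also change name resolution without any edit to this file. Nothing in the visible hunks uses a type that was not already imported, so the explicit import lists could stay as they were. That keeps future diffs of this security-relevant class easier to review.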
@@ -53,17 +43,7 @@
import org.teiid.query.metadata.TempMetadataID;
import org.teiid.query.resolver.util.ResolverUtil;
import org.teiid.query.sql.LanguageObject;
-import org.teiid.query.sql.lang.AlterProcedure;
-import org.teiid.query.sql.lang.AlterTrigger;
-import org.teiid.query.sql.lang.AlterView;
-import org.teiid.query.sql.lang.Create;
-import org.teiid.query.sql.lang.Delete;
-import org.teiid.query.sql.lang.Drop;
-import org.teiid.query.sql.lang.Insert;
-import org.teiid.query.sql.lang.Into;
-import org.teiid.query.sql.lang.Query;
-import org.teiid.query.sql.lang.StoredProcedure;
-import org.teiid.query.sql.lang.Update;
+import org.teiid.query.sql.lang.*;
import org.teiid.query.sql.symbol.ElementSymbol;
import org.teiid.query.sql.symbol.Function;
import org.teiid.query.sql.symbol.GroupSymbol;
@@ -298,7 +278,7 @@
Map<String, LanguageObject> procMap = new
LinkedHashMap<String, LanguageObject>();
addToNameMap(((TempMetadataID)metadataID).getOriginalMetadataID(),
symbol, procMap);
validateEntitlements(PermissionType.EXECUTE, auditContext,
procMap);
- } else if (group.isTempTable()) {
+ } else if (group.isTempTable() &&
group.isImplicitTempGroupSymbol()) {
validateTemp(actionCode, group, auditContext);
}
continue;
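Review bot: With the added `group.isImplicitTempGroupSymbol()` condition, every temp group that is not implicit now reaches `continue` without a permission check, not only a common table expression. If `isTempTable()` is also true for explicitly created temporary tables, they would skip `validateTemp` as well. Please confirm that is intended, or narrow the exemption to groups defined by a WITH clause. A comment on the branch would record the reasoning, for example `// non-implicit temp groups (e.g. common table expressions) are not subject to the temp-table permission check`. The enclosing method starts and ends outside this hunk.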
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java 2012-06-21
19:07:57 UTC (rev 4195)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -63,7 +63,4 @@
*/
boolean hasRole(String roleName, CommandContext commandContext);
- boolean isEnabled();
-
- void setEnabled(boolean enabled);
-}
+}
\ No newline at end of file
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java 2012-06-21
19:07:57 UTC (rev 4195)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -100,20 +100,6 @@
this.lobChunkSizeInKB = lobChunkSizeInKB;
}
- /**
- * Determine whether role checking is enabled on the server.
- * @return <code>true</code> if server-side role checking is enabled.
- */
- public boolean getUseDataRoles() {
- return this.authorizationValidator != null &&
this.authorizationValidator.isEnabled();
- }
-
- public void setUseDataRoles(boolean useEntitlements) {
- if (this.authorizationValidator != null) {
- this.authorizationValidator.setEnabled(useEntitlements);
- }
- }
-
public int getQueryThresholdInSecs() {
return (int)queryThresholdInMilli/1000;
}
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java 2012-06-21
19:07:57 UTC (rev 4195)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -68,12 +68,10 @@
return policyDecider;
}
- @Override
public boolean isEnabled() {
return enabled;
}
- @Override
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
Added:
trunk/engine/src/main/resources/META-INF/services/org.teiid.dqp.internal.process.AuthorizationValidator
===================================================================
---
trunk/engine/src/main/resources/META-INF/services/org.teiid.dqp.internal.process.AuthorizationValidator
(rev 0)
+++
trunk/engine/src/main/resources/META-INF/services/org.teiid.dqp.internal.process.AuthorizationValidator 2012-06-22
01:39:29 UTC (rev 4196)
@@ -0,0 +1 @@
+org.teiid.dqp.internal.process.DefaultAuthorizationValidator
\ No newline at end of file
Modified:
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java
===================================================================
---
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java 2012-06-21
19:07:57 UTC (rev 4195)
+++
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -310,9 +310,12 @@
helpTest("SELECT e1 INTO #temp FROM pm1.g1",
RealMetadataFactory.example1Cached(), new String[] {}, RealMetadataFactory.example1VDB(),
exampleAuthSvc1()); //$NON-NLS-1$
helpTest("SELECT e1 INTO #temp FROM pm1.g1",
RealMetadataFactory.example1Cached(), new String[] {"#temp"},
RealMetadataFactory.example1VDB(), exampleAuthSvc2()); //$NON-NLS-1$
helpTest("SELECT e1 INTO #temp FROM pm1.g1",
RealMetadataFactory.example1Cached(), new String[] {}, RealMetadataFactory.example1VDB(),
exampleAuthSvc2(), exampleAuthSvc1()); //$NON-NLS-1$
-
}
+ @Test public void testCommonTable() throws Exception {
+ helpTest("WITH X AS (SELECT e1 from pm1.g2) SELECT e1 from x",
RealMetadataFactory.example1Cached(), new String[] {}, RealMetadataFactory.example1VDB(),
exampleAuthSvc2()); //$NON-NLS-1$
+ }
+
@Test public void testTempTableSelectInto1() throws Exception {
helpTest("SELECT e1, e2 INTO #temp FROM pm1.g1",
RealMetadataFactory.example1Cached(), new String[] {"pm1.g1.e2"},
RealMetadataFactory.example1VDB(), exampleAuthSvc1()); //$NON-NLS-1$ //$NON-NLS-2$
}
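Review bot: `testCommonTable` only pins the allowed case, where the expected list of inaccessible resources is empty. Because the visitor change in this commit skips the temp-table check for the CTE group, a companion case is needed with a policy that does not grant read on `pm1.g2`, asserting that the table or its column is still reported for the query inside the WITH clause. Without that negative case, a regression that stops validating the CTE body would pass this suite.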
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidAdd.java
===================================================================
--- trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidAdd.java 2012-06-21
19:07:57 UTC (rev 4195)
+++ trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidAdd.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -287,22 +287,21 @@
}
else {
DataRolePolicyDecider drpd = new DataRolePolicyDecider();
- drpd.setAllowCreateTemporaryTablesByDefault(true);
- drpd.setAllowFunctionCallsByDefault(true);
policyDecider = drpd;
}
final AuthorizationValidator authValidator;
if (Element.AUTHORIZATION_VALIDATOR_MODULE_ELEMENT.isDefined(operation)) {
authValidator = buildService(AuthorizationValidator.class,
Element.AUTHORIZATION_VALIDATOR_MODULE_ELEMENT.asString(operation));
- authValidator.setEnabled(true);
}
else {
DefaultAuthorizationValidator dap = new DefaultAuthorizationValidator();
- dap.setPolicyDecider(policyDecider);
- dap.setEnabled(true);
+ dap.setEnabled(false);
authValidator = dap;
}
+ if (authValidator instanceof DefaultAuthorizationValidator) {
+ ((DefaultAuthorizationValidator)authValidator).setPolicyDecider(policyDecider);
+ }
ValueService<AuthorizationValidator> authValidatorService = new
ValueService<AuthorizationValidator>(new
org.jboss.msc.value.Value<AuthorizationValidator>() {
@Override
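Review bot: The fallback branch now calls `dap.setEnabled(false)`, so a configuration that omits `authorization-validator-module` starts with authorization validation turned off and gives no signal. Existing installations that never set the attribute would lose data-role enforcement on upgrade. I would either keep the default enabled and require an explicit opt-out, or log a startup warning there and add a comment such as `// no authorization-validator-module configured: data role checks are disabled`. The module branch no longer calls `setEnabled(true)`, so please confirm that `enabled` defaults to true in `DefaultAuthorizationValidator`; its initial value is not visible in this commit. A validator that is not a `DefaultAuthorizationValidator` now silently receives no `policyDecider`, and the removed `setAllow…ByDefault(true)` calls leave those settings to `DataRolePolicyDecider`'s own defaults; the surrounding method continues outside this hunk.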